Patch Name: PHSS_31824 Patch Description: s700_800 11.04 Virtualvault 4.7 OWS update Creation Date: 04/08/06 Post Date: 04/08/17 Hardware Platforms - OS Releases: s700: 11.04 s800: 11.04 Products: Virtualvault A.04.70 Filesets: VaultWS.WS-CORE,fr=A.04.70,fa=HP-UX_B.11.04_32/64,v=HP Automatic Reboot?: Yes Status: General Release Critical: No Category Tags: defect_repair enhancement general_release Path Name: /hp-ux_patches/s700_800/11.X/PHSS_31824 Symptoms: PHSS_31824: 1. SSL-enabled Outside Apache Web Server may exhibit unexpected behavior for mod_ssl versions prior to 2.8.19 PHSS_31058: 1. SSL-enabled Outside Apache Web Server may exhibit unexpected behavior for mod_ssl versions prior to 2.8.18 2. mod_proxy module of outside Apache web server may exhibit unexpected behavior in versions 1.3.26 to 1.3.31. PHSS_30945: 1. Apache Outside Web Server may exhibit unexpected behavior in versions prior to 1.3.31. PHSS_30641: 1. SSL-enabled outside Apache web server may exhibit unexpected behavior for OpenSSL versions prior to 0.9.7d 2. mod_jk module of outside Apache web server does not support cronolog utility. 3. When speedcard is enabled outside Apache web server may not start. PHSS_30406: Aborted connections are not handled properly by mod_jk. PHSS_30056: 1. Apache Outside Web Server may exhibit unexpected behavior in versions prior to 1.3.29. 2. SSL-enabled Apache Webproxy server may exhibit unexpected behavior for OpenSSL versions prior to 0.9.7c. 3. When LimitRequestBody directive is set and a client posts data greater than LimitRequestBody value then the user defined ErrorDocuments are not served. Defect Description: PHSS_31824: 1. SSL-enabled Outside Apache Web Server may exhibit unexpected behavior for mod_ssl versions prior to 2.8.19. Resolution: 1. Migrated mod_ssl module of Outside Apache Web Server version from 2.8.18 to 2.8.19. PHSS_31058: 1. SSL-enabled Outside Apache Web Server may exhibit unexpected behavior for mod_ssl versions prior to 2.8.18 2. mod_proxy module of outside Apache web server may exhibit unexpected behavior in versions 1.3.26 to 1.3.31. Resolution: 1. Migrated mod_ssl module of Outside Apache Web Server to version 2.8.18. 2. Apache provided a patch for the mod_proxy module that adds a check for invalid content length. PHSS_30945: 1. Apache Outside Web Server may exhibit unexpected behavior in versions prior to 1.3.31. Resolution: 1. Migrated Outside Apache Web Server version from 1.3.29 to 1.3.31. PHSS_30641: 1. SSL-enabled outside Apache web server may exhibit unexpected behavior for OpenSSL versions prior to 0.9.7d 2. mod_jk module of outside Apache web server does not support cronolog utility. 3. When speedcard is enabled, outside Apache web server may not start with OpenSSL versions that have RSA blinding turned on. Resolution: 1. Migrated OpenSSL version of outside Apache web server to 0.9.7d. 2. mod_jk module of oustide Apache web server is enhanced to support cronolog utility. 3. Rainbow Technologies provided a patch for the OpenSSL speedcard encryption library. PHSS_30406: Aborted connections are not handled properly by mod_jk. Resolution: Migrated the mod_jk version to 1.2.5. PHSS_30056: 1. Apache Outside Web Server may exhibit unexpected behavior in versions prior to 1.3.29. 2. SSL-enabled Apache Webproxy server may exhibit unexpected behavior for OpenSSL versions prior to 0.9.7c. 3. Local redirect for the user defined ErrorDocument for the error "Request body too large (413)" does not work. Instead the standard 413 error message gets displayed. Resolution: 1. Migrated Outside Apache Web Server version server from 1.3.27 to 1.3.29. 2. Migrated OpenSSL version for Outside Apache Web server from 0.9.6j to 0.9.7c. 3. While handling the local error redirect content length is unset to avoid getting the standard 413 error message while displaying the user defined ErroDocument. Enhancement: No (superseded patches contained enhancements) PHSS_30641: This patch introduces support for cronolog utility for mod_jk module of outside Apache web server. PHSS_30056: This patch introduces the support for AES ciphers for outside Apache web servers. SR: 8606374112 8606367048 8606367047 8606363846 8606354848 8606338699 8606355700 8606295989 8606339401 8606313447 8606352256 Patch Files: VaultWS.WS-CORE,fr=A.04.70,fa=HP-UX_B.11.04_32/64,v=HP: /opt/vaultWS/bin/getawspass /opt/vaultWS/install/bin/ab /opt/vaultWS/install/bin/apxs /opt/vaultWS/install/bin/dbmmanage /opt/vaultWS/install/bin/htdigest /opt/vaultWS/install/bin/htpasswd /opt/vaultWS/install/bin/httpd /opt/vaultWS/install/bin/logresolve /opt/vaultWS/install/bin/rotatelogs /opt/vaultWS/install/libexec/ApacheJServ.jar /opt/vaultWS/install/libexec/httpd.exp /opt/vaultWS/install/libexec/libhttpd.ep /opt/vaultWS/install/libexec/libhttpd.sl /opt/vaultWS/install/libexec/libproxy.so /opt/vaultWS/install/libexec/libssl.so /opt/vaultWS/install/libexec/mod_access.so /opt/vaultWS/install/libexec/mod_actions.so /opt/vaultWS/install/libexec/mod_alias.so /opt/vaultWS/install/libexec/mod_asis.so /opt/vaultWS/install/libexec/mod_auth.so /opt/vaultWS/install/libexec/mod_auth_anon.so /opt/vaultWS/install/libexec/mod_auth_dbm.so /opt/vaultWS/install/libexec/mod_autoindex.so /opt/vaultWS/install/libexec/mod_cern_meta.so /opt/vaultWS/install/libexec/mod_cgi.so /opt/vaultWS/install/libexec/mod_define.so /opt/vaultWS/install/libexec/mod_digest.so /opt/vaultWS/install/libexec/mod_dir.so /opt/vaultWS/install/libexec/mod_env.so /opt/vaultWS/install/libexec/mod_expires.so /opt/vaultWS/install/libexec/mod_headers.so /opt/vaultWS/install/libexec/mod_imap.so /opt/vaultWS/install/libexec/mod_include.so /opt/vaultWS/install/libexec/mod_info.so /opt/vaultWS/install/libexec/mod_jserv.so /opt/vaultWS/install/libexec/mod_log_config.so /opt/vaultWS/install/libexec/mod_mime.so /opt/vaultWS/install/libexec/mod_mime_magic.so /opt/vaultWS/install/libexec/mod_negotiation.so /opt/vaultWS/install/libexec/mod_rewrite.so /opt/vaultWS/install/libexec/mod_setenvif.so /opt/vaultWS/install/libexec/mod_speling.so /opt/vaultWS/install/libexec/mod_status.so /opt/vaultWS/install/libexec/mod_tga.so /opt/vaultWS/install/libexec/mod_unique_id.so /opt/vaultWS/install/libexec/mod_userdir.so /opt/vaultWS/install/libexec/mod_usertrack.so /opt/vaultWS/install/libexec/mod_vhost_alias.so /opt/vaultWS/install/libexec/speedcard/libssl.so /opt/vaultWS/install/libexec/engine/libssl.so /opt/vaultWS/install/libexec/tomcat/mod_jserv.so /opt/vaultWS/install/libexec/tomcat/mod_jk.so what(1) Output: VaultWS.WS-CORE,fr=A.04.70,fa=HP-UX_B.11.04_32/64,v=HP: /opt/vaultWS/bin/getawspass: src/misc/getawspass/getawspass.c, vaultWS, vaultWS_4 .7 1.5 03/16/03 /opt/vaultWS/install/bin/ab: None /opt/vaultWS/install/bin/apxs: None /opt/vaultWS/install/bin/dbmmanage: None /opt/vaultWS/install/bin/htdigest: None /opt/vaultWS/install/bin/htpasswd: None /opt/vaultWS/install/bin/httpd: $Source: src/apache/src/main/http_main.c, vaultWS, v aultWS_4.7 $ $Date: 04/06/03 01:00:27 $ $Rev ision: 1.31.1.16 PATCH_11.04 (PHSS_30945) $ /opt/vaultWS/install/bin/logresolve: None /opt/vaultWS/install/bin/rotatelogs: None /opt/vaultWS/install/libexec/ApacheJServ.jar: None /opt/vaultWS/install/libexec/httpd.exp: None /opt/vaultWS/install/libexec/libhttpd.ep: $Source: src/apache/src/main/http_main.c, vaultWS, v aultWS_4.7 $ $Date: 04/06/03 01:00:27 $ $Rev ision: 1.31.1.16 PATCH_11.04 (PHSS_30945) $ /opt/vaultWS/install/libexec/libhttpd.sl: $Source: src/apache/src/main/http_main.c, vaultWS, v aultWS_4.7 $ $Date: 04/06/03 01:00:27 $ $Rev ision: 1.31.1.16 PATCH_11.04 (PHSS_30945) $ $Source: src/apache/src/main/http_vhost.c, vaultWS, vaultWS_4.7 $ $Date: 04/06/03 01:01:45 $ $Re vision: 1.7 PATCH_11.04 (PHSS_30945) $ /opt/vaultWS/install/libexec/libproxy.so: $Source: src/apache/src/modules/proxy/mod_proxy.c, v aultWS, vaultWS_4.7 $ $Date: 04/06/03 00:56: 46 $ $Revision: 1.11.1.3 PATCH_11.04 (PHSS_3 0945) $ $Source: src/apache/src/modules/proxy/proxy_http.c, vaultWS, vaultWS_4.7 $ $Date: 04/06/15 02:32 :22 $ $Revision: 1.15.1.5 PATCH_11.04 (PHSS_ 31058) $ /opt/vaultWS/install/libexec/libssl.so: $Source: src/apache/src/modules/ssl/mod_ssl.c, vault WS, vaultWS_4.7 $ $Date: 04/06/03 00:57:19 $ $Revision: 1.2.2.3 PATCH_11.04 (PHSS_30945) $ mod_ssl/2.8.19 $Source: src/apache/src/modules/ssl/ssl_engine_kerne l.c, vaultWS, vaultWS_4.7 $ $Date: 04/06/15 02:28:57 $ $Revision: 1.5.2.7 PATCH_11.04 (P HSS_31058) $ /opt/vaultWS/install/libexec/mod_access.so: None /opt/vaultWS/install/libexec/mod_actions.so: None /opt/vaultWS/install/libexec/mod_alias.so: None /opt/vaultWS/install/libexec/mod_asis.so: None /opt/vaultWS/install/libexec/mod_auth.so: None /opt/vaultWS/install/libexec/mod_auth_anon.so: None /opt/vaultWS/install/libexec/mod_auth_dbm.so: None /opt/vaultWS/install/libexec/mod_autoindex.so: None /opt/vaultWS/install/libexec/mod_cern_meta.so: None /opt/vaultWS/install/libexec/mod_cgi.so: None /opt/vaultWS/install/libexec/mod_define.so: None /opt/vaultWS/install/libexec/mod_digest.so: None /opt/vaultWS/install/libexec/mod_dir.so: None /opt/vaultWS/install/libexec/mod_env.so: None /opt/vaultWS/install/libexec/mod_expires.so: None /opt/vaultWS/install/libexec/mod_headers.so: None /opt/vaultWS/install/libexec/mod_imap.so: None /opt/vaultWS/install/libexec/mod_include.so: None /opt/vaultWS/install/libexec/mod_info.so: None /opt/vaultWS/install/libexec/mod_jserv.so: None /opt/vaultWS/install/libexec/mod_log_config.so: None /opt/vaultWS/install/libexec/mod_mime.so: None /opt/vaultWS/install/libexec/mod_mime_magic.so: None /opt/vaultWS/install/libexec/mod_negotiation.so: None /opt/vaultWS/install/libexec/mod_rewrite.so: $Source: src/apache/src/modules/standard/mod_rewrite .c, vaultWS, vaultWS_4.7 $ $Date: 04/06/03 0 0:59:56 $ $Revision: 1.5.2.3 PATCH_11.04 (PH SS_30945) $ /opt/vaultWS/install/libexec/mod_setenvif.so: None /opt/vaultWS/install/libexec/mod_speling.so: None /opt/vaultWS/install/libexec/mod_status.so: None /opt/vaultWS/install/libexec/mod_tga.so: $Source: src/apache/src/modules/extra/mod_tga/mod_tg a.c, vaultWS, vaultWS_4.7 $ $Date: 04/06/03 00:56:34 $ $Revision: 1.11.1.3 PATCH_11.04 ( PHSS_30945) $ 93 1.13.1.3 src/gateway/cgi2/iolib/io.c, vaultTS, vaultTS_4.7 06/24/99 11:25:36 /opt/vaultWS/install/libexec/mod_unique_id.so: None /opt/vaultWS/install/libexec/mod_userdir.so: None /opt/vaultWS/install/libexec/mod_usertrack.so: None /opt/vaultWS/install/libexec/mod_vhost_alias.so: None /opt/vaultWS/install/libexec/speedcard/libssl.so: $Source: src/apache/src/modules/ssl/mod_ssl.c, vault WS, vaultWS_4.7 $ $Date: 04/06/03 00:57:19 $ $Revision: 1.2.2.3 PATCH_11.04 (PHSS_30945) $ mod_ssl/2.8.19 $Source: src/apache/src/modules/ssl/ssl_engine_kerne l.c, vaultWS, vaultWS_4.7 $ $Date: 04/06/15 02:28:57 $ $Revision: 1.5.2.7 PATCH_11.04 (P HSS_31058) $ /opt/vaultWS/install/libexec/engine/libssl.so: $Source: src/apache/src/modules/ssl/mod_ssl.c, vault WS, vaultWS_4.7 $ $Date: 04/06/03 00:57:19 $ $Revision: 1.2.2.3 PATCH_11.04 (PHSS_30945) $ mod_ssl/2.8.19 $Source: src/apache/src/modules/ssl/ssl_engine_kerne l.c, vaultWS, vaultWS_4.7 $ $Date: 04/06/15 02:28:57 $ $Revision: 1.5.2.7 PATCH_11.04 (P HSS_31058) $ /opt/vaultWS/install/libexec/tomcat/mod_jserv.so: None /opt/vaultWS/install/libexec/tomcat/mod_jk.so: $Source: src/jakarta-tomcat-connectors/jk/native/apa che-1.3/mod_jk.c, vaultWS, vaultWS_4.7 $ $Da te: 04/04/01 01:17:15 $ $Revision: 1.1 PATCH _11.04 (PHSS_30645) $Source: src/jakarta-tomcat-connectors/jk/native/com mon/jk_connect.c, vaultWS, vaultWS_4.7 $ $Da te: 04/03/08 03:32:59 $ $Revision: 1.3 PATCH _11.04 (PHSS_30406) mod_jk 1.2.5 (tomcat-con nectors 1.2.5 build) $ cksum(1) Output: VaultWS.WS-CORE,fr=A.04.70,fa=HP-UX_B.11.04_32/64,v=HP: 2352876018 119276 /opt/vaultWS/bin/getawspass 2866623275 82083 /opt/vaultWS/install/bin/ab 4270422601 25149 /opt/vaultWS/install/bin/apxs 1319041645 8699 /opt/vaultWS/install/bin/dbmmanage 3848483658 36960 /opt/vaultWS/install/bin/htdigest 3630183071 73896 /opt/vaultWS/install/bin/htpasswd 3880191886 57446 /opt/vaultWS/install/bin/httpd 2745010746 24642 /opt/vaultWS/install/bin/logresolve 3389293934 28733 /opt/vaultWS/install/bin/rotatelogs 329466797 85434 /opt/vaultWS/install/libexec/ApacheJServ.jar 3744632452 8442 /opt/vaultWS/install/libexec/httpd.exp 2789143367 24637 /opt/vaultWS/install/libexec/libhttpd.ep 3683045461 1125114 /opt/vaultWS/install/libexec/libhttpd.sl 1624511861 262461 /opt/vaultWS/install/libexec/libproxy.so 640083650 2166600 /opt/vaultWS/install/libexec/libssl.so 4147380526 20509 /opt/vaultWS/install/libexec/mod_access.so 655192757 16406 /opt/vaultWS/install/libexec/mod_actions.so 1725281552 20526 /opt/vaultWS/install/libexec/mod_alias.so 615997165 12299 /opt/vaultWS/install/libexec/mod_asis.so 1953832257 24602 /opt/vaultWS/install/libexec/mod_auth.so 941480480 12321 /opt/vaultWS/install/libexec/ mod_auth_anon.so 196871165 20504 /opt/vaultWS/install/libexec/mod_auth_dbm.so 2745616409 65630 /opt/vaultWS/install/libexec/ mod_autoindex.so 2556443757 20509 /opt/vaultWS/install/libexec/ mod_cern_meta.so 1246884973 32807 /opt/vaultWS/install/libexec/mod_cgi.so 1349961853 20509 /opt/vaultWS/install/libexec/mod_define.so 206175589 24606 /opt/vaultWS/install/libexec/mod_digest.so 1271695051 16404 /opt/vaultWS/install/libexec/mod_dir.so 2790716612 12312 /opt/vaultWS/install/libexec/mod_env.so 1539593276 24607 /opt/vaultWS/install/libexec/mod_expires.so 2811952512 12312 /opt/vaultWS/install/libexec/mod_headers.so 3636328034 45112 /opt/vaultWS/install/libexec/mod_imap.so 164437725 90215 /opt/vaultWS/install/libexec/mod_include.so 3474986627 40997 /opt/vaultWS/install/libexec/mod_info.so 1283414021 188828 /opt/vaultWS/install/libexec/mod_jserv.so 795736370 45190 /opt/vaultWS/install/libexec/ mod_log_config.so 1744969713 36921 /opt/vaultWS/install/libexec/mod_mime.so 2984419918 53334 /opt/vaultWS/install/libexec/ mod_mime_magic.so 214555969 73838 /opt/vaultWS/install/libexec/ mod_negotiation.so 4156702108 159957 /opt/vaultWS/install/libexec/ mod_rewrite.so 4144885519 20513 /opt/vaultWS/install/libexec/ mod_setenvif.so 2166634409 24605 /opt/vaultWS/install/libexec/mod_speling.so 1815980238 49181 /opt/vaultWS/install/libexec/mod_status.so 1717342268 49222 /opt/vaultWS/install/libexec/mod_tga.so 3009121965 20500 /opt/vaultWS/install/libexec/ mod_unique_id.so 2535516299 20498 /opt/vaultWS/install/libexec/mod_userdir.so 642222596 32820 /opt/vaultWS/install/libexec/ mod_usertrack.so 2917467146 20507 /opt/vaultWS/install/libexec/ mod_vhost_alias.so 3010481562 2166600 /opt/vaultWS/install/libexec/speedcard/ libssl.so 229125222 2326919 /opt/vaultWS/install/libexec/engine/ libssl.so 1412281097 242099 /opt/vaultWS/install/libexec/tomcat/ mod_jserv.so 3700184443 336689 /opt/vaultWS/install/libexec/tomcat/ mod_jk.so Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHSS_30056 PHSS_30406 PHSS_30641 PHSS_30945 PHSS_31058 Equivalent Patches: PHSS_31826: s700: 11.04 s800: 11.04 PHSS_31828: s700: 11.04 s800: 11.04 Patch Package Size: 3770 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHSS_31824 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHSS_31824.depot By default swinstall will archive the original software in /var/adm/sw/save/PHSS_31824. If you do not wish to retain a copy of the original software, include the patch_save_files option in the swinstall command above: -x patch_save_files=false WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHSS_31824.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHSS_31824.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHSS_31824.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: PHSS_31058: Refer to the ITRC article number CAST040621141235818 for information on potential Speedcard crypto accelerator inaccessibility problem.